Creating a public identity for an entity on a network

ABSTRACT

A system is disclosed for establishing a public identity for an entity on a private network. In one embodiment, a first entity can initiate a request to create a binding of a public address to a private address for itself. The existence of this public address for the first entity can be made known so that other entities can use the public address to communicate with the first entity. The present invention allows entities outside of a private network to initiate communication with an entity inside a private network.

CROSS REFERENCE TO RELATED APPLICATIONS

[0001] This application is related to the following patents/applications:

[0002] DOMAIN NAME ROUTING, Hasan S. Alkhatib, U.S. Pat. No. 6,119,171;

[0003] IPNET GATEWAY, Hasan S. Alkhatib and Bruce C. Wootton, U.S. application Ser. No. 09/167,709, filed on Oct. 6, 1998; and

[0004] PSEUDO ADDRESSING, Wootton, et al., U.S. application Ser. No. 09/637,803, filed on Aug. 11, 2000.

[0005] Each of the related patents/applications is incorporated herein by reference.

BACKGROUND OF THE INVENTION

[0006] 1. Field of the Invention

[0007] The present invention is directed to technology for creating a public identity for an entity on a network.

[0008] 2. Description of the Related Art

[0009] Most machines on the Internet use the Transmission Control Protocol/Internet Protocol (TCP/IP) reference model to send data to other machines on the Internet. The TCP/IP reference model includes four layers: the physical and data link layer, the network layer, the transport layer, and the application layer. The physical layer portion of the physical and data link layer is concerned with transmitting raw bits over a communication channel. The data link portion of the physical and data link layer takes the raw transmission facility and transforms it into a line that appears to be relatively free of transmission errors. It accomplishes this task by having the sender break the input data up (or encapsulate) into frames, transmit the frames, and process the acknowledgment frames sent back by the receiver.

[0010] The network layer permits a host to inject packets into a network and have them travel independently to the destination. On the Internet, the protocol used for the network layer is the Internet Protocol (IP).

[0011] The transport layer is designed to allow peer entities on the source and destination to carry on a “conversation.” On the Internet, two protocols are used. The first one, the Transmission Control Protocol (TCP), is a reliable connection-oriented protocol that allows a byte stream originating on one machine to be delivered without error to another machine on the Internet. It fragments the incoming byte stream into discrete packets and passes each one to the network layer. At the destination, the receiving TCP process reassembles the received packets into the output stream. TCP also handles flow control to make sure a fast sender cannot swamp a slow receiver with more packets than it can handle and manages congestion. The second protocol used in the transport layer on the Internet is the User Datagram Protocol (UDP), which does not provide the TCP sequencing or flow control. UDP is typically used for one-shot, client-server type request-reply queries for applications in which prompt delivery is more important than accurate delivery.

[0012] The transport layer is typically thought of as being above the network layer to indicate that the network layer provides a service to the transport layer. Similarly, the transport layer is typically thought of as being below the application layer to indicate that the transport layer provides a service to the application layer.

[0013] The application layer contains the high level protocols, for example, Telnet, File Transfer Protocol (FTP), Electronic Mail—Simple Mail Transfer Protocol (SMTP), and Hypertext Transfer Protocol (HTTP).

[0014] To transmit data from a source to a destination, the Internet Protocol uses an IP address. An IP address is four bytes long, and consists of a network number and a host number. When written out, IP addresses are specified as four numbers separated by dots (e.g. 198.68.70.1). Users and software applications do not always refer to hosts or other resources by their numerical IP address. Instead of using numbers, they use ASCII strings called domain names. The Internet uses a Domain Name System (DNS) to convert a domain name to an IP address.

[0015] The Internet Protocol has been in use for over two decades. It has worked extremely well, as demonstrated by the exponential growth of the Internet. Unfortunately, the Internet is rapidly becoming a victim of its own popularity: it is running out of addresses.

[0016] One proposed solution to the depleting address problem is Network Address Translation (NAT). This concept includes predefining a number of network addresses to be private addresses. The remainder of the addresses is considered global or public addresses. Public addresses are unique addresses that should only be used by one entity having access to the Internet. That is, no two entities on the Internet should have the same public address. Private addresses are not unique and are typically used for entities not having direct access to the Internet. Private addresses can be used by more than one organization or network. In the past, a private address could not be used to route on the Internet. NAT assumes that all of the machines on a network will not need to access the Internet at all times. Therefore, there is no need for each machine to have a public address. A local network can function with one or a small number of public addresses assigned to one or more gateway computers. The remainder of the machines on the network will be assigned private addresses. Since entities on the network have private addresses, the network is considered to be a private network.

[0017] When a particular machine having a private address on the private network attempts to initiate a communication with a machine outside of the private network (e.g. via the Internet), the gateway machine will intercept the communication, change the source machine's private address to a public address, change the port number and set up a table for translation between public addresses and private addresses. The table can contain the destination address, port numbers, sequencing information, byte counts and internal flags for each connection associated with a host address. Inbound packets are compared against entries in the table and permitted through the gateway only if an appropriate connection exists to validate their passage. One problem with the NAT approach is that it only works for communication initiated by a host within the private network to a host on the Internet which has a public IP address. The NAT approach specifically will not work if the communication is initiated by a host outside of the private network and is directed to a host with a private address in the private network.

[0018] Another problem is that mobile computing devices can be moved to new and different networks, including private networks. These mobile computing devices may need to be reachable so that a host outside of the private network can initiate communication with the mobile computing device. However, in this case the problem is two-fold. First, there is no means for allowing the host outside of the private network to initiate communication with the mobile computing device in the private network. Second, the host outside the private network does not know the address for the mobile computing device or the network that the mobile computing device is currently connected to.

SUMMARY OF THE INVENTION

[0019] The present invention, roughly described, pertains to a system for establishing a public identity for an entity on a network. A first entity can initiate a request to create a binding of a public address to a private address for itself. The existence of this public address for the first entity can be made known so that other entities can use the public address to communicate with the first entity. The present invention allows entities outside of a private network to initiate communication with an entity inside the private network.

[0020] One embodiment of the present invention includes a first entity electronically requesting a public address for itself. The first entity has a private address prior to requesting the public address. The first entity electronically receives and stores the public address, and communicates using the public address. In one implementation, the first entity connected to the network and received the private address for the network prior to requesting the public address.

[0021] In some embodiments, the first entity publishes its public address for other entities to find. For example, the public address can be stored in a DNS resource record or on a server connected to the Internet for purposes of storing public identities. Using the first entity's domain name, or another identifier, other entities can find the public address for the first entity and initiate communication with the first entity.

[0022] The present invention can be accomplished using hardware, software, or a combination of both hardware and software. The software used for the present invention is stored on one or more processor readable storage media including hard disk drives, CD-ROMs, DVDs, optical disks, floppy disks, tape drives, RAM, ROM or other suitable storage devices. In alternative embodiments, some or all of the software can be replaced by dedicated hardware including custom integrated circuits, gate arrays, FPGAs, PLDs, and special purpose computers.

[0023] These and other objects and advantages of the present invention will appear more clearly from the following description in which the preferred embodiment of the invention has been set forth in conjunction with the drawings.

BRIEF DESCRIPTION OF THE DRAWINGS

[0024] FIG. 1 depicts a block diagram of one embodiment of the components of the present invention.

[0025] FIG. 2 is a flow chart describing one embodiment of the present invention.

[0026] FIG. 3 is a flow chart describing one embodiment of a process for acquiring a public address.

[0027] FIG. 4 is a flow chart describing one embodiment of a process for publishing a public address.

[0028] FIG. 5 is a flow chart describing one embodiment of a process for communicating using the public identity according to the present invention.

[0029] FIG. 6 is a flow chart describing a second embodiment of a process for communicating using the public identity according to the present invention.

[0030] FIG. 7 is a flow chart describing a third embodiment of a process for communicating using the public identity according to the present invention.

DETAILED DESCRIPTION

[0031] FIG. 1 is a block diagram of one embodiment of the components of the present invention. FIG. 1 shows private network 10 in communication with the Internet. In addition to the Internet, the present invention can be used with other networks. The components connected to private network 10 include gateway (or edge) device 12, DHCP server 14, entity 16, entity 18, and entity 20. Gateway 12 provides an interface to the Internet. In one embodiment, gateway 12 implements NAT. FIG. 1 shows entity 20 labeled as host A. Thus, host A is an entity in (or connected to) a private network. In one embodiment, host A is a mobile computing device. When host A connects to private network 10, it is assigned a private address by DHCP server 14. In one embodiment, host A needs use of a public address to communicate on the Internet. FIG. 1 also shows server 30 and host B 40 connected to the Internet.

[0032] The various components of FIG. 1 can include any suitable device that can communicate on a network, including mobile and non-mobile computing devices such as desktop computers, laptop computers, telephones, handheld computing devices, network appliances, servers, routers, gateways, etc. In one embodiment, each (or some) of the entities has a communication device (e.g. network interface), one or more storage devices, I/O devices and one or more processors in communication with the communication device, storage devices and I/O devices. The one or more processors are programmed to implement the present invention. All or part of the invention can include software stored on one or more storage devices to program the one or more processors. The invention can also be implemented using dedicated or custom built hardware. The entities can also be a process, thread, etc.

[0033] In one embodiment of the present invention, host A is assigned a private address from DHCP server 14 upon connection to network 10. Host A subsequently requests gateway 12 to provide host A with a public address and to bind that public address to the private address for host A. Host A subsequently publishes its new public address with server 30. Host B is a computer (or other entity) with a public IP address. Host B knows the domain name for host A; however, host B does not know an address for host A. According to the present invention, host B requests server 30 to resolve the domain name for host A. Server 30 responds to host B's request by returning the new public address for host A. Host B creates a communication for host A and sends that communication to host A using the public address received from server 30.

[0034] The present invention pertains to the creation of a binding of a public identity to a private identity for an entity on a network. For the current state of the Internet, domain names, private IP addresses and public IP addresses can be used. For other networks, protocols, configurations, situations and scenarios, identifiers other than domain names and IP addresses can be used according to the present invention. For purposes of this document, the term “address” has a broader meaning than the concept of an IP address. That is, the term “address” is used in this document to mean something that is used to locate or identify an entity or thing.

[0035] FIG. 2 is a flow chart describing one embodiment of the present invention. In step 102, host A connects to network 10. In one embodiment, host A is a mobile computing device (e.g. laptop, handheld computing device, telephone, etc.) and step 102 includes physically connecting to network 102. Step 102 can also include turning on the power for a computing device and/or the computing device becoming active on network 10. In step 104, host A acquires a private address. In one embodiment, host A uses DHCP to obtain a private address from DHCP server 14. Other means for obtaining a private address can also be used. Additionally, the present invention will also work with a computing device that has a static private IP address. In step 106, host A acquires a public identity. One example of a public identity is a public address. In step 108, host A publishes its public identity. By publish, it is meant that host A makes its public identity available to other entities. In one embodiment, publishing includes informing a server available on the Internet of the new public IP address for host A. In step 110, host A uses its public identity to communicate with other entities outside of the private network. In one embodiment, the new public address for host A is temporary. That is, host A will use this address for a finite amount of time and then stop using the public address. For example, if host A is a laptop computer, host A may be connected to the private network for one day and, therefore, would only use the public address for one day. Thereafter, host A would be connected to a different network and may use a different public address.

[0036] FIG. 3 is a flowchart that explains one embodiment of the process of acquiring a public identity (step 106 of FIG. 2). In step 160, host A broadcasts a DISCOVER message. In one embodiment, host A will acquire its public address from gateway 12. Host A communicates with gateway 12 using a newly designed protocol. Each message of the newly designed protocol will be sent in the payload of a UDP segment. The newly designed protocol will include a set of codes, including DISCOVER address server, RESPONSE TO DISCOVER, REQUEST FOR ADDRESS, RESPONSE TO REQUEST FOR ADDRESS, ACKNOWLEDGMENT and RELINQUISH ADDRESS. The code DISCOVER is used to discover an address server that will supply the public address. It is assumed that if a mobile (or non-mobile) computing device connects to a new private network, that device does not know what entity on the network will be supplying the public address. Therefore, in step 160, host A broadcasts a DISCOVER message to every entity on private network 10. Only gateway 12, the entity providing public addresses according to the present invention in the current example, will respond to the DISCOVER message (step 162). Upon receiving the response from gateway 12, host A now knows the address for the server supplying the public addresses. In step 164, host A sends a REQUEST FOR ADDRESS to gateway 12. Gateway 12 will receive that request, and if it has addresses to provide, gateway 12 will respond to the request in step 166. The response will identify the public IP address offered to host A and will indicate a lease time. The lease time indicates how long host A may continue to use the public address. Host A will store the public address and lease time, and send an ACKNOWLEDGMENT in step 168.

[0037] Upon receiving the ACKNOWLEDGEMENT, gateway 12 will bind the public address offered to host A to the private address for host A. Additionally, local tables that need to be updated will be updated. For example, in one embodiment gateway 12 (or another entity on network 10) will maintain a table that associates IP addresses with MAC addresses (e.g. addresses of Ethernet devices). Such a table will be updated to associate the MAC address for host A with the new public IP address for host A. Other tables may also be updated, as suitable for the particular implementation. In other embodiments, gateway 12 can assign public IP addresses in a manner more similar to DHCP.
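The exchange of FIG. 3 and the bind-on-acknowledgment rule of paragraph [0037] can be simulated in memory, as in the following added example (it is not code from the patent). The numeric code values, the 9-byte payload layout, the class and function names, and the sample addresses are assumptions of the example; the text names the codes but defines no wire format.

```python
import ipaddress
import struct

# Codes named in the text; the numeric values and byte layout are assumptions.
DISCOVER, DISCOVER_RESPONSE, REQUEST, REQUEST_RESPONSE, ACK, RELINQUISH = range(1, 7)


def encode(code, addr="0.0.0.0", lease=0):
    """UDP payload: 1-byte code, 4-byte IPv4 address, 4-byte lease in seconds."""
    return struct.pack("!B4sI", code, ipaddress.IPv4Address(addr).packed, lease)


def decode(payload):
    if len(payload) != 9:
        raise ValueError("malformed payload")
    code, raw, lease = struct.unpack("!B4sI", payload)
    if code not in range(1, 7):
        raise ValueError("unknown code")
    return code, str(ipaddress.IPv4Address(raw)), lease


class Gateway:
    """Address server side (the role gateway 12 plays in the text)."""

    def __init__(self, own_addr, pool, lease_seconds):
        self.own_addr = own_addr
        self.free = list(pool)
        self.lease_seconds = lease_seconds
        self.offers = {}    # private address -> public address offered, not yet bound
        self.bindings = {}  # public address -> (private address, lease expiry)

    def expire(self, now):
        """Return addresses whose lease has run out to the pool."""
        for public, (_, expiry) in list(self.bindings.items()):
            if now >= expiry:
                del self.bindings[public]
                self.free.append(public)

    def handle(self, payload, src_private, now):
        """Process one payload from src_private; return the reply payload or None."""
        self.expire(now)
        code, addr, _ = decode(payload)
        if code == DISCOVER:                         # step 162
            return encode(DISCOVER_RESPONSE, self.own_addr)
        if code == REQUEST:                          # step 166
            if src_private not in self.offers:
                if not self.free:
                    return None                      # no addresses to provide
                self.offers[src_private] = self.free.pop(0)
            return encode(REQUEST_RESPONSE, self.offers[src_private],
                          self.lease_seconds)
        if code == ACK:
            # Bind only an address that was actually offered to this sender.
            if self.offers.get(src_private) == addr:
                del self.offers[src_private]
                self.bindings[addr] = (src_private, now + self.lease_seconds)
            return None
        if code == RELINQUISH:
            bound = self.bindings.get(addr)
            if bound and bound[0] == src_private:    # only the holder may release
                del self.bindings[addr]
                self.free.append(addr)
        return None


def acquire(gateway, private_addr, now):
    """Host side, steps 160-168. Returns (public address, lease expiry) or None."""
    code, _server, _ = decode(gateway.handle(encode(DISCOVER), private_addr, now))
    if code != DISCOVER_RESPONSE:
        raise RuntimeError("unexpected reply to DISCOVER")
    reply = gateway.handle(encode(REQUEST), private_addr, now)
    if reply is None:
        return None
    _, public, lease = decode(reply)
    gateway.handle(encode(ACK, public), private_addr, now)
    return public, now + lease


if __name__ == "__main__":
    gw = Gateway("10.0.0.1", ["203.0.113.10"], lease_seconds=3600)  # constructed values
    print(acquire(gw, "10.0.0.20", now=0), gw.bindings)
```

Nothing is bound until the ACKNOWLEDGMENT arrives, an acknowledgment or relinquish from a host that does not hold the address is ignored, and an expired lease frees the address for the next requester.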

[0038] In one embodiment, host A has a domain name and one or more DNS resource records stored on the Internet according to the standard Domain Name System. One embodiment of publishing the new public IP address for host A (step 108 of FIG. 2) is to update the resource records for host A.

[0039] Resource records are used to resolve a domain name. A resolver process converts the domain name to an IP address. Entities that have public addresses and communicate on the Internet have a set of resource records associated with them. When a resolver process gives a domain name to the domain name system, it gets back the resource records associated with that domain name.

[0040] A resource record has five fields: domain name, time to live, class, type and value. The time to live field provides an indication of how stable the record is. Information that is highly stable is assigned a large value such as the number of seconds in a day. The third field is the class. For the Internet the class is IN. The fourth field indicates the type of resource record. One domain may have many resource records. There are at least eight types of resource records that are of interest to this discussion: SOA, A, MX, NS, CNAME, PTR, HINFO, and TXT. The value field for an SOA record provides the name of the primary source of information about the name server zone, e-mail address of its administrator, a unique serial number and various flags and time outs in the value field. The value field for an A record holds a 32 bit IP address for the host. The value field for the MX record holds the domain name of the entity willing to accept e-mail for that particular domain name. The NS record specifies name servers. The CNAME record allows aliases to be created in the value field. A PTR record points to another name in the value field, which allows look up of an IP address for a particular domain name. The value field of the HINFO record indicates the type of machine and operating system that the domain name corresponds to. An example of resource records for a host is found below in Table 1.

TABLE 1

Domain Name       Time to Live   Class   Type    Value
saturn.ttc.com    86400          IN      HINFO   Sun unix
saturn.ttc.com    86400          IN      A       188.68.70.1
saturn.ttc.com    86400          IN      MX      mars.ttc.com

[0041] Table 1 includes three resource records for an entity with a domain name of saturn.ttc.com. The first resource record indicates a time to live of 86,400 seconds (one day). The type of record is HINFO and the value indicates that the entity is a Sun workstation running the UNIX operating system. The second line is a resource record of type A, which indicates that the IP address for saturn.ttc.com is 198.68.70.1. The third line indicates that e-mail for saturn.ttc.com should be sent to mars.ttc.com. It is likely that there will also be a DNS resource record that indicates the IP address for mars.ttc.com.

[0042] The DNS name space is divided into non-overlapping zones. Each zone is some part of the Internet space and contains name servers holding the authoritative information about that zone. Normally, a zone will have one primary name server and one or more secondary name servers which get their information from the primary name server. When a resolver process has a query about a domain name, it passes the query to one of the local name servers. If the host being sought falls under the jurisdiction of that name server, then that domain name server returns the authoritative resource record. An authoritative record is one that comes from the authority that manages the record. If, however, the host is remote and no information about the requested host is available locally, the name server sends a query message to the top level name server for the host requested. The top level name server will then provide the resource records to the local name server which may cache the information and forward it to the original resolver process. Since the cached information in the local name server is not the authoritative record, the time to live field is used to determine how long to use that information. The resource records for host A can be updated by using Dynamic DNS or other protocols/methods known in the art.

[0043] Another embodiment of publishing the new public IP address for host A (step 108 of FIG. 2) is to have a server keep track of the public addresses for the entities using the present invention. The server can be outside of the private network (e.g. server 30) or inside the private network. In one implementation, gateway 12 can perform the functionality of the server. The server can maintain a table that associates domain names (or other identifiers) with public IP addresses (or other public identities).

[0044] FIG. 4 provides a flowchart describing one embodiment of a process of publishing the public IP address to a server (e.g. server 30) keeping track of the public addresses for the entities using the present invention. In step 202, host A sends a message to server 30. The message includes the public IP address for host A and the domain name (or other identifier) for host A. In one implementation, the message can be an IP packet, TCP segment or UDP segment that has the domain name (or other identifier) embedded in the packet or segment. For example, the domain name can be placed in the options field or payload of an IP packet. Alternatively, a newly designed protocol can be used which places codes in the payload portion of a UDP segment. In other implementations, the message can use protocols other than UDP or TCP/IP. In step 204, server 30 receives the message sent from host A. In step 206, server 30 reads the public IP address for host A and the domain name for host A from the message received in step 204. In step 208, server 30 determines whether an entry already exists in its table that corresponds to the received domain name. If such an entry already exists in the table, then that table entry is updated to include the newly received public IP address in step 212. The entry includes a time stamp, which is also updated in step 212 to the current time. If an entry corresponding to the domain name does not already exist in the table, then a new entry is created and stored in the table in step 214. The new entry includes the domain name and the newly received public IP address for host A. The new entry also includes a time stamp indicating when the new entry was created. Server 30 uses the time stamp to determine whether the entry is invalid or stale. An entry that is too old will not be used. After either step 212 or step 214, server 30 sends an acknowledgment to host A in step 216. The acknowledgement can be a TCP segment, UDP segment or IP packet that simply responds back to host A; a message according to a new protocol that includes an acknowledgement code in a UDP segment; or another protocol can be used. The above discussion assumes that host A is the entity responsible for publishing its new public address. In other embodiments, other entities such as gateway 12 can be responsible for publishing the new public address for host A.

[0045] After host A (or another entity) has published its new public identity, other entities outside of private network 10 can communicate with host A. These communications can be initiated by host A or an entity outside of private network 10. In one embodiment, communications between host A and entities outside of private network 10 are sent to each other directly using the public IP address published for host A. In other embodiments, communications between host A and entities outside of private network 10 are sent to each other via gateway 12, where gateway 12 provides a translation as described below. Note that in one embodiment, the public IP address for host A is routable to gateway 12.

[0046] FIG. 5 is a flowchart describing one embodiment for communicating with host A that involves sending communications directly between host A and the entity communicating with host A. For example purposes, it is assumed that host B (see FIG. 1) is initiating communication with host A. Host B is an entity on the Internet with a public IP address. Alternatively, host B can be an entity in a private network using NAT or other means to communicate on the Internet. It is assumed, however, that host B is not in private network 10. In step 260 of FIG. 5, host B requests and receives resolution of the domain name for host A. In one embodiment, the domain name is resolved using the standard domain name system. In another embodiment, the domain name is resolved using server 30. As a result of the resolution of the domain name for host A, host B now has the current public IP address for host A. In step 262, host B creates one or more packets to be sent to host A. These packets include the public IP address for host A as the destination address. The IP packets are sent to host A in step 264. After receiving the IP packets, host A creates a response to host B in step 266. This response includes one or more IP packets. The IP packets created by host A use the public IP address for host A as the source address. These packets created by host A are sent to host B in step 268. Host A and host B can continue to communicate with each other using steps 262-268. Note that there is no use of the private address for communication between host A and entities outside of the private network.

[0047] In one embodiment of the process of FIG. 5, host A resides in a private network that consists of a LAN with no subnets. In one implementation of this embodiment, gateway 12 routes the communication to host A. For example, the packets sent to host A are received by gateway 12, which uses its internal table to identify a MAC address for host A. Gateway 12 then forwards the communication to host A using the MAC address.

[0048] In another embodiment of the process of FIG. 5, host A resides in a network that includes subnets. In some embodiments, each subnet includes its own router. In many cases, each host in a subnet shares a common IP address prefix. This prefix includes the network number, or the network number and subnet number. In one implementation of the present invention, the public addresses to be assigned to the private hosts are grouped and reserved for each subnet so that hosts on a particular subnet will have the same prefix in their public IP address. This can be wasteful, since addresses will be reserved for a subnet and may go unused if the demand from the subnet does not meet the store of addresses. An alternative is to not reserve addresses for each subnet and not require each host in the subnet to share a common prefix in its public address. To accomplish this, when a new public address is assigned to a host, that address is treated as a host specific address. This means that in the routers, the subnet mask for the address is all ones. The table entry in the router will include the address, a subnet mask of all ones and an indication of where to route the communication. If an address matches more than one entry in a routing table, the communication will generally be routed to the match having the most ones in the subnet mask; therefore, communications with the matching address will be routed to the host having the public IP address according to the present invention.
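The host specific entries of paragraph [0048] rely on longest-prefix matching, which the following added example works through (it is not code from the patent). The routing table class, the next-hop labels and the 203.0.113.0/24 pool are constructed for illustration.

```python
import ipaddress


class RoutingTable:
    """Minimal routing table: the match with the most ones in its mask wins."""

    def __init__(self):
        self.entries = []  # list of (network, next hop label)

    def add(self, prefix, next_hop):
        self.entries.append((ipaddress.ip_network(prefix), next_hop))

    def add_host_route(self, public_ip, next_hop):
        """Entry for one leased public address, with a subnet mask of all ones."""
        net = ipaddress.ip_network(f"{public_ip}/32")
        if str(net.netmask) != "255.255.255.255":
            raise ValueError("host route must have an all-ones mask")
        self.entries.append((net, next_hop))

    def remove_host_route(self, public_ip):
        """Drop the entry when the address is relinquished or its lease ends."""
        net = ipaddress.ip_network(f"{public_ip}/32")
        self.entries = [e for e in self.entries if e[0] != net]

    def lookup(self, destination):
        dest = ipaddress.ip_address(destination)
        best = None
        for net, hop in self.entries:
            if dest in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, hop)
        return best[1] if best else None


def build_example():
    """Constructed table for a router inside a private network with two subnets."""
    table = RoutingTable()
    table.add("0.0.0.0/0", "internet uplink")
    table.add("203.0.113.0/24", "unassigned public pool")
    # Two adjacent public addresses leased to hosts on different subnets:
    # no shared per-subnet prefix is needed because each has its own /32 entry.
    table.add_host_route("203.0.113.77", "subnet-2 router")
    table.add_host_route("203.0.113.78", "subnet-1 router")
    return table


if __name__ == "__main__":
    t = build_example()
    for dst in ("203.0.113.77", "203.0.113.78", "203.0.113.79", "198.51.100.7"):
        print(dst, "->", t.lookup(dst))
```

Removing the /32 entry when a lease ends makes the address fall back to the covering pool route, so a stale host route should not outlive its binding.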

[0049] FIG. 6 is a flowchart describing another embodiment for communicating with host A. The embodiment of FIG. 6 involves sending communications to and from host A via gateway 12. In step 300, host B requests and receives resolution of the domain name for host A. In step 302, host B creates one or more packets to be sent to host A. These packets include the public IP address for host A as the destination address. Host B sends the packets to host A in step 304. The packets are received at gateway 12 in step 306. In step 308, gateway 12 translates the packets. That is, gateway 12 stores a table which associates or binds public IP addresses with local IP addresses. Upon receiving the packets having a destination address equal to the public IP address for host A, gateway 12 will change the destination address to be the private IP address for host A. In another alternative, gateway 12 can encapsulate the packets received from host B into other packets which have a destination address equal to the private IP address of host A. In step 310, the translated packets are sent to host A using the private address for host A.

[0050] Upon receiving the packets, host A responds to the communication from host B. This response includes creating one or more IP packets in step 312. These IP packets use the private IP address for host A as the source address. The destination address for these packets is the public IP address for host B. These packets are sent from host A using the private address for host A in step 314. The packets are received at gateway 12 in step 316. Gateway 12 translates the packets in step 318. As discussed above, the translation can include encapsulating the packets or changing the source address for the packets from the private IP address for host A to the public IP address for host A. In step 320, gateway 12 sends the packets to host B using the public address for host A as the source address. Note that in the embodiments of FIGS. 6 and 7, host B is a standard prior art host that does not know about and is not programmed to implement the present invention.
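The address-rewriting form of the translation in steps 308 and 318 is shown below on real IPv4 header bytes, as an added example that is not code from the patent. The function and class names and all addresses are constructed; recomputing the IPv4 header checksum is a detail the example adds because that checksum covers the address fields, and the encapsulation alternative is not shown.

```python
import ipaddress
import struct


def checksum(header):
    """Internet checksum over the header; 0 means a header that verifies."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_packet(src, dst, payload=b"", proto=17):
    """Constructed 20-byte IPv4 header (no options) followed by the payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto,
                      0, ipaddress.IPv4Address(src).packed,
                      ipaddress.IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:] + payload


def header_length(packet):
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad header length")
    return ihl


def addresses(packet):
    header_length(packet)
    return (str(ipaddress.IPv4Address(packet[12:16])),
            str(ipaddress.IPv4Address(packet[16:20])))


def rewrite(packet, offset, new_addr):
    """Replace the address at offset (12 = source, 16 = destination), fix checksum."""
    ihl = header_length(packet)
    hdr = bytearray(packet[:ihl])
    hdr[offset:offset + 4] = ipaddress.IPv4Address(new_addr).packed
    hdr[10:12] = b"\x00\x00"
    hdr[10:12] = struct.pack("!H", checksum(bytes(hdr)))
    # TCP and UDP checksums also cover the addresses (pseudo-header); a full
    # translator must adjust them too. The payload is left untouched here.
    return bytes(hdr) + packet[ihl:]


class Translator:
    """One-to-one public/private bindings held by the gateway."""

    def __init__(self, bindings):
        self.pub_to_priv = dict(bindings)
        self.priv_to_pub = {priv: pub for pub, priv in self.pub_to_priv.items()}

    def inbound(self, packet):
        """Step 308: public destination -> private destination; None if unbound."""
        private = self.pub_to_priv.get(addresses(packet)[1])
        return rewrite(packet, 16, private) if private else None

    def outbound(self, packet):
        """Step 318: private source -> public source; None if unbound."""
        public = self.priv_to_pub.get(addresses(packet)[0])
        return rewrite(packet, 12, public) if public else None


if __name__ == "__main__":
    gw = Translator({"203.0.113.10": "10.0.0.20"})
    pkt = gw.inbound(build_packet("198.51.100.7", "203.0.113.10", b"hello"))
    print(addresses(pkt), checksum(pkt[:20]))
```

A packet for a public address with no current binding returns None and is not forwarded, which keeps an expired or relinquished address from reaching the host that used to hold it.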

[0051] FIG. 7 is a flowchart describing another embodiment for communicating with host A. The process of FIG. 7 contemplates the use of server 30 by host B in order to resolve the domain name for host A. In step 400 of FIG. 7, host B sends a request to server 30 to resolve the domain name for host A. In step 402, server 30 receives the request from host B. In step 404, server 30 accesses its table that associates domain names with public IP addresses. In step 406, server 30 determines whether an entry exists in its table for the domain name for host A. If there is no valid table entry, an error message is sent in step 408. If there is a valid entry in the table, that entry is accessed in step 410. The entry identifies the public IP address for host A. In step 412, server 30 sends a response message to host B identifying the public IP address for host A. Note that server 30 and host B can communicate using a protocol similar to that of the standard domain name system or a specific protocol (e.g. predefined codes in a payload of a UDP segment) that can be created and implemented by one skilled in the art.

[0052] In step 414, host B creates packets for host A using the received public IP address for host A as the destination address. In step 416, host B sends the created packets to host A. After receiving the IP packets, host A creates a response to host B in step 418. This response includes one or more IP packets. The IP packets created by host A use the public IP address for host A as the source address. These packets created by host A are sent to host B in step 420. Host A and host B can continue to communicate with each other using steps 414-420. Note that the processes of FIGS. 5-7 can be performed one packet at a time or multiple packets at a time. The processes can also be performed using protocols other than TCP/IP.
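The name resolution of steps 400-414, with server 30's table and a "specific protocol" of predefined codes in a UDP payload, as an added example that is not code from the patent. The message layout, the code values, the expiry time used to decide whether an entry is valid, and the rejection of RFC 1918 addresses on publication are all assumptions of this sketch.

```python
import ipaddress
import struct
import time

# Constructed one-byte codes for the UDP payload (assumed, not from the patent).
RESOLVE, PUBLISH, ANSWER, ERROR = 1, 2, 3, 4
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def encode(code: int, name: str = "", addr: str = "") -> bytes:
    """Layout: code byte, name length byte, ASCII name, optional 4 address bytes."""
    raw = name.encode("ascii")
    tail = ipaddress.IPv4Address(addr).packed if addr else b""
    return struct.pack("!BB", code, len(raw)) + raw + tail


def decode(payload: bytes):
    """Parse a payload; truncated or over-long input raises ValueError."""
    if len(payload) < 2 or len(payload) - 2 - payload[1] not in (0, 4):
        raise ValueError("malformed payload")
    end = 2 + payload[1]
    name = payload[2:end].decode("ascii").lower()
    addr = str(ipaddress.IPv4Address(payload[end:])) if len(payload) > end else ""
    return payload[0], name, addr


class Server30:
    """Table that associates domain names with public IP addresses."""

    def __init__(self, ttl: float = 300.0, clock=time.monotonic):
        self.table = {}  # domain name -> (public address, expiry time)
        self.ttl, self.clock = ttl, clock

    def handle(self, payload: bytes) -> bytes:
        try:
            code, name, addr = decode(payload)
        except ValueError:
            return encode(ERROR)
        if code == PUBLISH and name and addr:
            if any(ipaddress.IPv4Address(addr) in net for net in RFC1918):
                return encode(ERROR, name)  # a private address is not publishable
            # Update the entry if the name is known, otherwise create it.
            self.table[name] = (addr, self.clock() + self.ttl)
            return encode(ANSWER, name, addr)
        if code == RESOLVE and name:
            entry = self.table.get(name)               # steps 404-406
            if entry is None or entry[1] <= self.clock():
                self.table.pop(name, None)             # drop a stale entry
                return encode(ERROR, name)             # step 408
            return encode(ANSWER, name, entry[0])      # steps 410-412
        return encode(ERROR)


def host_b_destination(server: Server30, name: str):
    """Steps 400 and 414: resolve the name; return the destination address or None."""
    code, _, addr = decode(server.handle(encode(RESOLVE, name)))
    return addr if code == ANSWER else None


if __name__ == "__main__":
    server = Server30()
    server.handle(encode(PUBLISH, "host-a.example", "198.51.100.7"))  # constructed
    print(host_b_destination(server, "host-a.example"))
```

This sketch accepts a PUBLISH message from any sender; how the server decides which senders may update an entry is outside what the example covers.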

[0053] The foregoing detailed description of the invention has been presented for purposes of illustration and description. It is not intended to be exhaustive or to limit the invention to the precise form disclosed. Many modifications and variations are possible in light of the above teaching. The described embodiments were chosen in order to best explain the principles of the invention and its practical application to thereby enable others skilled in the art to best utilize the invention in various embodiments and with various modifications as are suited to the particular use contemplated. It is intended that the scope of the invention be defined by the claims appended hereto.

We claim:
1. A method for communicating, comprising the steps of: electronically requesting a public address for an entity, said entity has a private address prior to said step of electronically requesting; electronically receiving and storing said public address; and communicating using said public address.
2. A method according to claim 1, further comprising the steps of: electronically requesting said private address; and electronically receiving and storing said private address.
3. A method according to claim 1, further comprising the step of: connecting said entity to a private network, said entity is a mobile computing device.
4. A method according to claim 1, wherein: said private address and said public address are IP addresses.
5. A method according to claim 1, wherein: said public address is an IP address.
6. A method according to claim 1, further comprising the step of: electronically publishing said public address outside of a private network, said entity is in said private network.
7. A method according to claim 6, wherein said step of electronically publishing comprises the step of: requesting an update of DNS resource records for said entity.
8. A method according to claim 6, wherein said step of electronically publishing comprises the step of: sending a message to a server requesting an update of an address value for said entity.
9. A method according to claim 6, wherein said step of electronically publishing comprises the step of: sending a message to a server, said message includes a domain name for said entity and said public address.
10. A method according to claim 9, wherein said step of electronically publishing further comprises the steps of: receiving said message at said server; accessing said domain name and public address at said server; determining that a data structure on said server stores an entry for said domain name; and updating said entry for said domain name with said public address.
11. A method according to claim 9, wherein said step of electronically publishing further comprises the steps of: receiving said message at said server; accessing said domain name and public address at said server; and creating an entry in a data structure on said server, said entry stores said domain name and said public address.
12. A method according to claim 1, wherein said step of communicating includes the step of: receiving an initiation of communication from an entity outside of a private network, said entity is in said private network.
13. A method according to claim 1, wherein said step of communicating includes the step of: receiving an initiation of communication from a host outside of a private network, said entity is in said private network, said initiation of communication includes a message, said message includes a destination address, said destination address is said public address.
14. A method according to claim 1, wherein said step of communicating includes the steps of: creating a message, said message includes a source address, said source address is said public address; and sending said message.
15. A method according to claim 1, wherein said step of communicating includes the step of: receiving a message, said message includes a destination address, said destination address is said public address.
16. A method according to claim 1, wherein said step of communicating includes the step of: receiving a message, said message includes a destination address, said destination address is said private address.
17. A method according to claim 1, wherein: said steps of requesting and receiving use said private address.
18. A method according to claim 1, wherein said step of electronically requesting comprises the steps of: broadcasting a message to discover an address provider; and receiving a response from said address provider, said response includes said public IP address.
19. A method according to claim 1, wherein said step of electronically requesting comprises the steps of: broadcasting a first message to discover an address provider; receiving a response to said first message from said address provider; sending an address request to said address provider; receiving a response to said address request from said address provider, said response to said address request includes said public IP address; and sending an acknowledgement to said address provider.
20. A method according to claim 1, further comprising the steps of: sending a request for resolution of a domain name for said entity, said request for resolution is sent from a host; receiving, at said host, said public address in response to said request for resolution; creating a message, said message includes a destination address, said destination address is said public address; and sending said message.
21. A method according to claim 20, further comprising the steps of: receiving said message at a gateway; and translating said message at said gateway, said translated message is addressed to said private address.
22. A method according to claim 20, further comprising the steps of: receiving said request for resolution at a server, said request for resolution includes a domain name; accessing a data structure of domain names and public addresses; determining whether a valid entry for said domain name exists in said data structure; accessing said public address in said data structure based on said domain name; and sending a message from said server to said host in response to said request for resolution, said message includes said public address.
23. A method according to claim 1, wherein said step of communicating includes the step of: sending a message from a host outside of a private network to said entity, said entity is in said private network, said message includes said public address and does not include said private address, said private network does not include subnets.
24. A method according to claim 1, wherein said step of communicating includes the steps of: sending a message from a host outside of a private network to a router associated with said private network, said entity is in said private network, said message includes said public address and does not include said private address, said public address is a host specific address with a subnet mask of all ones; and routing said message from said router toward said entity based on said host specific address.
25. A method according to claim 1, wherein said step of communicating includes the steps of: sending a message from a host outside of a private network to a gateway for said private network, said entity is in said private network, said message includes said public address; translating said public address to said private address at said gateway; and sending said message from said gateway to said entity based on said private address.
26. A method for communicating, comprising the steps of: electronically requesting a public address for an entity in a private network; and electronically publishing said public address outside of said private network.
27. A method according to claim 26, further comprising the step of: communicating using said public address.
28. A method according to claim 23, further comprising the step of: receiving an initiation of communication from an entity outside of said private network, said initiation of communication includes a message, said message includes said public address.
29. A method according to claim 26, wherein said step of electronically requesting comprises the steps of: broadcasting a message to discover an address provider; and receiving a response from said address provider, said response includes said public IP address.
30. A method according to claim 26, further comprising the steps of: electronically requesting a private address for said entity; and electronically receiving and storing said private address at said entity.
31. A method according to claim 26, wherein said step of electronically publishing comprises the step of: requesting an update of DNS resource records for said entity.
32. A method according to claim 26, wherein said step of electronically publishing comprises the step of: sending a message to a server requesting an update of an address value for said entity.
33. A method according to claim 26, wherein said step of electronically publishing comprises the step of: sending a message to a server, said message includes a domain name for said entity and said public address.
34. A method according to claim 33, wherein said step of electronically publishing further comprises the steps of: receiving said message at said server; accessing said domain name and public address at said server; determining that a data structure on said server stores an entry for said domain name; and updating said entry for said domain name with said public address.
35. A method according to claim 33, wherein said step of electronically publishing further comprises the steps of: receiving said message at said server; accessing said domain name and public address at said server; and creating an entry in a data structure on said server, said entry stores said domain name and said public address.
36. A method according to claim 26, wherein said step of communicating includes the steps of: creating a message, said message includes a source address, said source address is said public address; and sending said message.
37. A method according to claim 26, further comprising the steps of: receiving a message at said entity, said message includes a destination address, said destination address is said public address.
38. A method according to claim 26, further comprising the steps of: sending a request for resolution of a domain name for said entity, said request for resolution is sent from a host; receiving, at said host, said public address in response to said request for resolution; creating a message, said message includes a destination address, said destination address is said public address; and sending said message to said entity.
39. A method according to claim 38, further comprising the steps of: receiving said request for resolution at a server, said request for resolution includes a domain name; accessing a data structure of domain names and public addresses; determining whether a valid entry for said domain name exists in said data structure; accessing said public address in said data structure based on said domain name; and sending a message from said server to said host in response to said request for resolution, said message includes said public address.
40. One or more processor readable storage devices having processor readable code embodied on said processor readable storage devices, said processor readable code for programming one or more processors to perform a method comprising the steps of: electronically requesting a public identity for an entity, said entity has a private identity prior to said step of electronically requesting, said step of electronically requesting is at least partially performed by said entity; electronically receiving and storing said public identity; and communicating using said public identity.
41. One or more processor readable storage devices according to claim 40, wherein said method further comprises the steps of: electronically requesting said private identity; and electronically receiving and storing said private identity.
42. One or more processor readable storage devices according to claim 37, wherein: said private identity and said public identity are IP addresses.
43. One or more processor readable storage devices according to claim 42, wherein said method further comprises the step of: electronically publishing said public identity outside of a private network, said entity is in said private network.
44. One or more processor readable storage devices according to claim 40, wherein said method further comprises the step of: receiving an initiation of communication from an entity outside of a private network, said entity is in said private network, said initiation of communication includes a message, said message includes a destination address, said destination address is said public identity.
45. One or more processor readable storage devices according to claim 40, wherein said method further comprises the steps of: creating a message, said message includes a source address, said source address is said public identity; and sending said message.
46. One or more processor readable storage devices according to claim 40, wherein said step of communicating includes the steps of: sending a message from a host outside of a private network to a router associated with said private network, said entity is in said private network, said message includes said public address and does not include said private address, said public address is a host specific address with a subnet mask of all ones; and routing said message from said router toward said entity based on said host specific address.
47. One or more processor readable storage devices according to claim 40, wherein said step of communicating includes the steps of: sending a message from a host outside of a private network to a gateway for said private network, said entity is in said private network, said message includes said public address; translating said public address to said private address at said gateway; and sending said message from said gateway to said entity based on said private address.
48. One or more processor readable storage devices having processor readable code embodied on said processor readable storage devices, said processor readable code for programming one or more processors to perform a method comprising the steps of: electronically requesting a public identity for an entity in a private network; and electronically publishing said public identity outside of said private network.
49. One or more processor readable storage devices according to claim 48, wherein said method further comprises the step of: receiving an initiation of communication from an entity outside of said private network, said initiation of communication includes a message, said message includes said public identity.
50. One or more processor readable storage devices according to claim 48, wherein said method further comprises the steps of: electronically requesting a private identity for said entity; and electronically receiving and storing said private identity at said entity.
51. One or more processor readable storage devices according to claim 48, wherein said method further comprises the steps of: creating a message, said message includes a source address, said source address is said public identity; and sending said message.
52. An apparatus, comprising: a communication interface; one or more storage devices; and one or more processors in communication with said one or more storage devices and said communication interface, said one or more processors programmed to perform a method comprising the steps of: electronically requesting a public address for an entity, said entity has a private address prior to said step of electronically requesting, said step of electronically requesting is at least partially performed by said entity, electronically receiving and storing said public address, and communicating using said public address.
53. An apparatus according to claim 52, wherein said method further comprises the steps of: electronically requesting said private address; and electronically receiving and storing said private address.
54. An apparatus according to claim 52, wherein: said private address and said public address are IP addresses.
55. An apparatus according to claim 52, wherein said method further comprises the step of: electronically publishing said public address outside of a private network, said entity is in said private network.
56. An apparatus according to claim 52, wherein said method further comprises the step of: receiving an initiation of communication from an entity outside of a private network, said entity is in said private network, said initiation of communication includes a message, said message includes a destination address, said destination address is said public address.
57. An apparatus according to claim 52, wherein said method further comprises the steps of: creating a message, said message includes a source address, said source address is said public address; and sending said message.
58. An apparatus according to claim 52, wherein said step of communicating includes the steps of: sending a message from a host outside of a private network to a router associated with said private network, said entity is in said private network, said message includes said public address and does not include said private address, said public address is a host specific address with a subnet mask of all ones; and routing said message from said router toward said entity based on said host specific address.
59. An apparatus according to claim 52, wherein said step of communicating includes the steps of: sending a message from a host outside of a private network to a gateway for said private network, said entity is in said private network, said message includes said public address; translating said public address to said private address at said gateway; and sending said message from said gateway to said entity based on said private address.
60. An apparatus, comprising: a communication interface; one or more storage devices; and one or more processors in communication with said one or more storage devices and said communication interface, said one or more processors programmed to perform a method comprising the steps of: electronically requesting a public address for an entity in a private network, and electronically publishing said public address outside of said private network.
61. An apparatus according to claim 60, wherein said method further comprises the step of: receiving an initiation of communication from an entity outside of said private network, said initiation of communication includes a message, said message includes said public address.
62. An apparatus according to claim 60, wherein said method further comprises the steps of: electronically requesting a private address for said entity; and electronically receiving and storing said private address at said entity.
63. An apparatus according to claim 60, wherein said method further comprises the steps of: creating a message, said message includes a source address, said source address is said public address; and sending said message.